<?php
class userAction extends Action {
	
	public function  __construct() {
		parent::__construct();
		$this->assign('title', "我们约会吧");
	}
	
	public function index() {

		
		
	
			$user_manager = D ( 'User' )->getDao (array('all'=>true));
			//$user_manager = D ( 'User' )->getDao (array('idx'=>4));
			//$user_manager = D ( 'User' )->getDao (array('uname'=>'tgdfg'));
			
			$userList = $user_manager->select ();
		
		//	$Model->where("id=%d and username='%s' and xx='%f'",array($id,$username,$xx))->select();
			

		
		
		/*		
		 如果要同时输出多个模板变量，可以使用下面的方式：
		$params_view['name']    =    'thinkphp';
		$params_view['email']    =    'liu21st@gmail.com';
		$params_view['phone']    =    '12335678';
		$this->assign($params_view);*/
		
		$params_view['userList'] = $userList;
		$this->assign($params_view); // 模板发量赋值  
		
        $this->display(); // 输出模板  
	}
	
	public function test(){
		

		$key = "user_index_usersinfo";
		
		$usersInfo = getCache($key);
		
		if(!$usersInfo){
			$usersInfo=array();
			$usersInfo['uid_'.$uid] = $infor;
			setCache($key,$usersInfo,60*7);
		}else if(!$usersInfo['uid_'.$uid]){
			$usersInfo['uid_'.$uid] = $infor;
			setCache($key,$usersInfo,60*7);
		}
		
		$usersInfo=array();
		$usersInfo['uid_'.$uid] = $infor_new;
		setCache($key,$usersInfo,60*7);
		
		
		
		$key = "user_index_userlist_".uid;
		
		$userList = getCache($key);
		if(!$userList){
			$user_manager = D ( 'User' )->getDao (array('all'=>true));
			//$user_manager = D ( 'User' )->getDao (array('idx'=>4));
			//$user_manager = D ( 'User' )->getDao (array('uname'=>'tgdfg'));
			
			$userList = $user_manager->select ();
			setCache($key,$userList,60*7);
		}

		
		
		/*		
		 如果要同时输出多个模板变量，可以使用下面的方式：
		$params_view['name']    =    'thinkphp';
		$params_view['email']    =    'liu21st@gmail.com';
		$params_view['phone']    =    '12335678';
		$this->assign($params_view);*/
		
		$params_view['userList'] = $userList;
		$this->assign($params_view); // 模板发量赋值  
		
        $this->display(); // 输出模板  
	
	}
	
	// 处理表单数据
	public function insert() {
		//qwe
		//0896->896
		//a9d5->95
		
		//$uname = _param('uname');
		$uname = getGPC('uname','int');
		
		$user_manager = D( "User" )->getDao ( array('uname'=>$uname) );
		
		$data['uname'] = $this->_param('uname');
		$data['password'] = $this->_param('password');
		
		if ($user_manager->create ($data)) {
		//if ($user_manager->create ()) {
			if (false !== $user_manager->add ()) {
				$this->success ( '数据添加成功！' );
			} else {
				$this->error ( '数据写入错误2' );
			}
		} else {
			// 字段验证错误
			$this->error ( $user_manager->getError () );
		}
	}
	public function update(){
		$uname=$this->_post('uname');
		$uname = getGPC('uname','int');
		$User = D("User")->getDao ( array('idx'=>0) ); // 实例化User对象
		$data['nick'] = 't0';
		$User->where("uname='t0'")->save($data); // 根据条件保存修改的数据
		echo $User->getlastSql();
	}
	
	/**
	 * 
	 * thinkphp sql注入测试
	 */
	public function sql_injection(){
		
		$uname="' or '1'='1";
		
		//非安全模式，sql注入成功
		//1 where 直接查询sql语句，注入成功
		$user_manager = D ( 'User' )->getDao (array('all'=>true));
		$list = $user_manager->where("uname='$uname'")->select(); 
		var_dump($list);
	
		//2 模型的query和execute方法 同样支持预处理机制，注入成功
		$user_manager = new Model();
		$list = $user_manager->query("select * from user_0 where uname='%s'",$uname);
		var_dump($list);
		
		
		
		//非安全模式，sql注入成功
		//1 where 数组查询sql语句，注入失败
		$condition['uname'] = $uname;
		$user_manager = D ( 'User' )->getDao (array('all'=>true));
		$list = $user_manager->where($condition)->select(); 
		var_dump($list);
		
		//2 where方法使用字符串条件的时候，支持预处理（安全过滤），并支持两种方式传入预处理参数
		$user_manager = D ( 'User' )->getDao (array('all'=>true));
		$list = $user_manager->where("uname='%s'",$uname)->select();
		var_dump($list);
	}
	


}